
Re: Final call for consensus poll for IANA #409959 NAS-Port-Type value request



You can't use Service-Type because Service-Type is also indicating
authorize only or authenticate only and call-check etc., and thus you can't
express the Type of Service as well.  I pointed this out, oh, it seems like
30 years ago when we were doing Chiba work.

-- Avi Lior
--Bridgewater Systems






On 08-06-11 08:48 , "Stefan Winter" <stefan.winter@restena.lu> wrote:

>Hi,
>
>> I think we need to get these question marks discussed before saying no.
>>
>> Historically, the NAS-port-type is associated with the L1/L2 port over
>> which the "access" service is provided. But with the new use of
>> RADIUS, this view is no longer applicable. Again, consider a Mobile IP
>> Home Agent node implementing RADIUS client for AAAing the MN's
>> registration requests. The L1/L2 port that receives the MN
>> registration request has no significance, and it can be one of many
>> types. Here, our thinking is, the "logical" port is the "Mobile IP
>> Home Agent", and that has nothing to do with the L1/L2 port.
>>
>> What do people think?
>>
>>
>
>If the use of RADIUS has nothing to do with giving access to real
>NAS-Ports - then why overload the NAS-Port-Type attribute for this
>unrelated business? NAS-Port-Type is optional, so if you don't provision
>service on a NAS port leave the attribute out.
>
>RFC2865 says: An Access-Request SHOULD contain a NAS-Port or NAS-Port-Type
>attribute or both unless the type of access being requested does
>not involve a port or the NAS does not distinguish among its
>ports.
>
>Sounds clear to me :-)
>
>I understand the need for signalling for what kind of service the user
>is being authenticated. I have the same at home where our RADIUS server does
>IMAP, SMTP, 802.11, Jabber, Dialup, etc... logins. These are different
>services; so it would sound natural to use Service-Type for it:
>
>RFC2865 says: This Attribute indicates the type of service the user has
>requested, or the type of service to be provided.
>
>Which is, BTW, extremely similar to how I solved the problem for me. I
>defined a VSA "RESTENA-Service-Type" (string) and put things like "IMAP"
>into it. That makes server-side per-service processing easy.
>
>Of course, WiMAX could get a "real" Service-Type value instead and
>wouldn't need to hide behind a VSA :-)
>
>Greetings,
>
>Stefan Winter
>
>-- 
>Stefan WINTER
>Ingenieur de Recherche
>Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
>de la Recherche
>6, rue Richard Coudenhove-Kalergi
>L-1359 Luxembourg
>
>Tel: +352 424409 1
>Fax: +352 422473
>
>
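
Added example, not code from either poster: a minimal Python parser for RADIUS attribute TLVs showing why the two approaches in this thread differ. Service-Type is a single four-octet integer, so a request that uses it for Authorize-Only has nowhere left in that attribute to say "IMAP", while a string VSA carries the application service separately. The vendor number and vendor type below are placeholders, since the thread gives neither.

```python
import struct

# Attribute codes from RFC 2865; Authorize-Only (17) comes from RFC 5176.
SERVICE_TYPE, VENDOR_SPECIFIC, NAS_PORT_TYPE = 6, 26, 61
MODES = {1: "Login", 2: "Framed", 8: "Authenticate-Only",
         10: "Call-Check", 17: "Authorize-Only"}
# Placeholders, NOT real assignments: the thread gives neither the
# enterprise number nor the vendor type of the service VSA.
EXAMPLE_VENDOR, EXAMPLE_VTYPE = 99999, 1

def attr(code, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", code, len(value) + 2) + value

def vsa(vendor, vtype, value):
    """Encode a Vendor-Specific attribute with one sub-attribute."""
    return attr(VENDOR_SPECIFIC, struct.pack("!I", vendor) + attr(vtype, value))

def parse_attributes(data):
    """Walk the TLVs, rejecting truncated or undersized attributes."""
    out, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        code, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("bad attribute length")
        out.append((code, data[pos + 2:pos + length]))
        pos += length
    return out

def classify(data):
    """Return (request mode, application service, NAS-Port-Type or None)."""
    mode = service = port_type = None
    for code, value in parse_attributes(data):
        if code == SERVICE_TYPE and len(value) == 4:
            number = struct.unpack("!I", value)[0]
            mode = MODES.get(number, str(number))
        elif code == NAS_PORT_TYPE and len(value) == 4:
            port_type = struct.unpack("!I", value)[0]
        elif code == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            ours = (vendor, vtype) == (EXAMPLE_VENDOR, EXAMPLE_VTYPE)
            if ours and 2 <= vlen <= len(value) - 4:
                service = value[6:4 + vlen].decode("ascii", "replace")
    return mode, service, port_type

# Constructed sample: Authorize-Only request for IMAP, no NAS port involved.
SAMPLE = (attr(SERVICE_TYPE, struct.pack("!I", 17))
          + vsa(EXAMPLE_VENDOR, EXAMPLE_VTYPE, b"IMAP"))
```

`classify(SAMPLE)` returns the request mode and the application service as two independent fields, with the NAS-Port-Type slot empty because the attribute was left out.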

